Clinton
-
Posts
337 -
Joined
-
Last visited
Posts posted by Clinton
-
-
Ok, not I am primarily using POST on my site. Those are not cookies right? They are just being stored on the server being passed from page to page?
If I was to use that script below would I just replace REQUEST with POST?
-
OK, i'll give it a shot.
RAREBIT, I was looking into the mysql_real_escape_string and it looks like it relies on get_magic_quotes_gpc which is discontinued in 6.0 :-|
-
Thanks rarebit, I definitely do. That's why I'm here. :-)
Webent, I'm looking in the manual about eregi, also ereg, and it says that it searches the string for a regular expression. How does it know what a regular expression is and how does that really stop it from doing anything? Just curious. :-)
Appreciate the help. I've never had to really worry about this but I putting something together that I don't need others looking into. :-)
-
LoL. Did CAPTCHA solve your situation or did you use the escape string as well?
-
No, I have not looked at either but I certainly will.
What exactly is this person looking for by doing this?
-
Ok, so everyday when I check my users list, the only db where you can insert something (as you are registering) without having to login, and there's a bunch of gibbrish as if somebody signed up but played around. But when somebody signs up I get an email approving or denying them yet I don't get any e-mails. It was happening repeatedly and I thought I blocked the IP address. I'm pretty sure it's a bot. If you google 'Dan1oo@yandex.ru' you will see it happens everywhere.
1) How exactly is this happening?
2) How do I prevent it from happening?
-
First off, i know there's a specific thread for Calculations but nobody ever looks there and so stuff gets unanswered for a while. Not only that but if the one person who does look doesn't know then it continues to be left unanswered for more days. So I'm posting here because somebody is bound to know...
I cannot figure this damn thing out. I spent probably the last 3 hours working on it changing variables, the calculations, etc. and I just can't get it. THe rest of the table works it is just not calculating correctly but it makes no sense to me. When I perform the calculations I don't have a problem with it. I don't know if it could be something with the elseif? Sometimes the signin could have a number in it, sometimes the signout could have a number in it, sometimes they both could have no numbers in it, but they will never have numbers in both sections at the same time.
OK, it's pulling the 'weight' of the item from the previous post. Now, it wasn't updating correctly and I realized that was because I was accounting for the addition or subtraction or the item that this particular page was designed for. So basically I need to take the 'weight' as POSTed, account for the change and then update it.
Let's say a car weights 1.3 tons.
I've currently got 3 cars in the db so it should say 3.9.
I want to take 1 car way so I do that. The variables passed are 'weight' 3.9 and signout '1'.
Now, they aren't going to sign things in and out at the same time but I had to figure out a way to incorporate that, that's where the variable grandtotal comes in. If they are signing a car out then signout will be 1 and signout will be 0 and the total will still be 1.
Then I need to take that total and times it by the weight of one car. In this case 1.3 * 1 = 1.3.
But crazy's don't believe in pounds so I have to convert it to grams. So, 1.3 / 456.... blah blah.
Then I have to take the weight as was reported from the POST and either add to it if I"m adding more cars to the inventory or subtract from it if I'm taking cars away.
Then I want to enter that total updated weight into the system... and... it's not working. The damned thing hates me. I don't even understand it anymore. It's like I change one variable and it's way off and I change another and it's the opposite of what it's suppose to be. :-| Doesn' t make sense anymore.
<?php session_start(); $tablename = $_POST['tablename']; $datecode = $_POST['datecode']; $producttype = $_POST['producttype']; $transactiondate = $_POST['transactiondate']; $joblocation = $_POST['joblocation']; $jobnumber = $_POST['jobnumber']; $signout = $_POST['signout']; $signin = $_POST['signin']; $outinby = $_POST['outinby']; $weight = $_POST['weight']; $page = $_POST['page']; $choice = $_POST['choice']; $type = $_POST['type']; $grandtotal = ($signin + $signout); $powder = mysql_query("SELECT new FROM master WHERE name = '$type'") or die(mysql_error()); if ( $signin == $signout) echo "<p> </p>"; elseif ( $signin == "") { while($sp = mysql_fetch_array($powder)){ $new = $sp['new']; $totalgrams = ($grandtotal * $new); $totalgrams = ($totalgrams / 453.59237); $weight = ($weight - $totalgrams); } } elseif ( $signout == "") { while($sp = mysql_fetch_array($powder)){ $new = $sp['new']; $totalgrams = ($grandtotal * $new); $totalgrams = ($totalgrams / 453.59237); $weight = ($weight + $totalgrams); } } else echo "<p> </p>"; $sql2 = "UPDATE weights SET currentweight = '$weight' WHERE tablename = '$tablename'"; echo $sql2; $result2 = mysql_query($sql2) or die(mysql_error()); ?> -
-
OK, it's pulling the 'weight' of the item from the previous post. Now, it wasn't updating correctly and I realized that was because I was accounting for the addition or subtraction or the item that this particular page was designed for. So basically I need to take the 'weight' as POSTed, account for the change and then update it.
Let's say a car weights 1.3 tons.
I've currently got 3 cars in the db so it should say 3.9.
I want to take 1 car way so I do that. The variables passed are 'weight' 3.9 and signout '1'.
Now, they aren't going to sign things in and out at the same time but I had to figure out a way to incorporate that, that's where the variable grandtotal comes in. If they are signing a car out then signout will be 1 and signout will be 0 and the total will still be 1.
Then I need to take that total and times it by the weight of one car. In this case 1.3 * 1 = 1.3.
But crazy's don't believe in pounds so I have to convert it to grams. So, 1.3 / 456.... blah blah.
Then I have to take the weight as was reported from the POST and either add to it if I"m adding more cars to the inventory or subtract from it if I'm taking cars away.
Then I want to enter that total updated weight into the system... and... it's not working. The damned thing hates me. I don't even understand it anymore. It's like I change one variable and it's way off and I change another and it's the opposite of what it's suppose to be. :-| Doesn' t make sense anymore.
-
I cannot figure this damn thing out. I spent probably the last 3 hours working on it changing variables, the calculations, etc. and I just can't get it. THe rest of the table works it is just not calculating correctly but it makes no sense to me. When I perform the calculations I don't have a problem with it. I don't know if it could be something with the elseif? Sometimes the signin could have a number in it, sometimes the signout could have a number in it, sometimes they both could have no numbers in it, but they will never have numbers in both sections at the same time. Any help would be appreciated:
<?php session_start(); $tablename = $_POST['tablename']; $datecode = $_POST['datecode']; $producttype = $_POST['producttype']; $transactiondate = $_POST['transactiondate']; $joblocation = $_POST['joblocation']; $jobnumber = $_POST['jobnumber']; $signout = $_POST['signout']; $signin = $_POST['signin']; $outinby = $_POST['outinby']; $weight = $_POST['weight']; $page = $_POST['page']; $choice = $_POST['choice']; $type = $_POST['type']; $grandtotal = ($signin + $signout); $powder = mysql_query("SELECT new FROM master WHERE name = '$type'") or die(mysql_error()); if ( $signin == $signout) echo "<p> </p>"; elseif ( $signin == "") { while($sp = mysql_fetch_array($powder)){ $new = $sp['new']; $totalgrams = ($grandtotal * $new); $totalgrams = ($totalgrams / 453.59237); $weight = ($weight - $totalgrams); } } elseif ( $signout == "") { while($sp = mysql_fetch_array($powder)){ $new = $sp['new']; $totalgrams = ($grandtotal * $new); $totalgrams = ($totalgrams / 453.59237); $weight = ($weight + $totalgrams); } } else echo "<p> </p>"; $sql2 = "UPDATE weights SET currentweight = '$weight' WHERE tablename = '$tablename'"; echo $sql2; $result2 = mysql_query($sql2) or die(mysql_error()); ?> -
I put " " around it and it worked. SO many little things to remember. :-) Thanks.
-
I'm getting an error like I'm missing a semicolon but I'm not. What's wrong with this?
<? $tablename = $datecode$producttype; ?>
-
Forgot about those reserved words. That was the problem. Thank you.
-
I need to set my query with two WHERE clauses. What's wrong with the code below?
SELECT * FROM masterlist WHERE producttype = 'MS NONEL' AND delete = '0' ORDER BY datecode
-
Here's the answer:
$sql = "INSERT INTO `$tablename` (datecode, producttype, transactiondate, joblocation, jobnumber, signout, signin, outinby) VALUES ('$datecode', '$producttype', '$transactiondate', '$joblocation', '$jobnumber', '$signout', '$signin', '$outinby')"; -
Ok, there was a space in MS NONEL so I put backticks in that value as well and it's gone but there are no spaces now and I'm still getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 90, CA)' at line 1
What a pain.
-
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'NONEL, 2008-06-06, Montenay, 8321-A44, , 90, c)' at line 1
-
Did that, didn't update: ???
INSERT INTO `23MA04MS NONEL` (datecode, producttype, transactiondate, joblocation, jobnumber, signout, signin, outinby) VALUES (23MA04, MS NONEL, 2008-06-06, Montenay, 8321-A44, , 90, CA)
-
The sessions working fine. Ummm... here's what I got for echoing the string. It looks like everything is correct.
INSERT INTO 23MA04MS NONEL (datecode, producttype, transactiondate, joblocation, jobnumber, signout, signin, outinby) VALUES (23MA04, 'MS NONEL', '2008-06-06', 'Montenay', '8321-A44', '', '90', 'CA')
Let me try the backticks but I'm pretty sure I did try those.
-
The vars echo correctly, how do I echo the string?
-
<?php session_start(); $tablename = $_POST['tablename']; $datecode = $_POST['datecode']; $producttype = $_POST['producttype']; $transactiondate = $_POST['transactiondate']; $joblocation = $_POST['joblocation']; $jobnumber = $_POST['jobnumber']; $signout = $_POST['signout']; $signin = $_POST['signin']; $outinby = $_POST['outinby']; $page = $_POST['page']; if ( @$_SESSION['login'] == "yes" AND @$_SESSION['released'] == "0" ) { $_SESSION['location'] == $location; $username = ""; $password = ""; $hostname = ""; $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL"); $selected = mysql_select_db("clintona_".$location."Inventory",$dbhandle) or die("Can not open the Inventory Database. Please consult your local dialing directory or try your call later."); $result = mysql_query("INSERT INTO '$tablename' (datecode, producttype, transactiondate, joblocation, jobnumber, signout, signin, outinby) VALUES ('$datecode', '$producttype', '$transactiondate', '$joblocation', '$jobnumber', '$signout', '$signin', '$outinby')"); ?> <html> <head> <meta http-equiv="refresh" content="1; url=<? echo $page ?>.php"> <title></title> </head> <body bgcolor="#FFFFFF"> </body> </html> <? } else if ( @$_SESSION['login'] == "yes" AND @$_SESSION['released'] == "1" ) { echo "Your previous access has been revoked. <meta http-equiv='refresh' content='3;url=http:' /> "; } else { echo "You have tried to enter a Employee Area only. Please login. <meta http-equiv='refresh' content='3;url=http:/' /> "; } mysql_close($dbhandle); ?> -
I've got this below - It was working when I just had one column. But when I added more columns, some had numbers in the signin and some didn't, it stopped working. Any idea?
$sumadd = mysql_query("SELECT SUM(signin) FROM `$table` GROUP BY `datecode`") or die(mysql_error()); while($row = mysql_fetch_array($sumadd)){extract($row); echo "<center>Total Add for $choice = $signin"; echo "<br />"; -
Ok. Thank you.
-
Yea, the ' didn't do it. The backticks, however did.
Howcome?
Unauthorized db inputs
in PHP Coding Help
Posted
Ok, will do. And I use that for every variable being POSTed, correct?
Also, I read this:
Is this saying that everywhere I have " in my website, such as a query statement that I should replace it with "?